A lot of these code detection algorithms will generate false positives.
I had hoped that by now, cs-cart would have created an installer for payment methods similar to addons. There's not need to carry all payment providers as operational in the system. Of the 50+ providers, most people use 1 or 2.
We've seen this one as a false positive as well. If their scanner is using a Bayesian detection scheme it flags it. You will get this on shared hosts since your only as stable as the worst tenant on the server.
Ask them to white list that file or the directory if you do not want to get things like this.